Between Cloud, Mobility and the Enterprise is the API Middle Ground

Scott Morrison

K. Scott Morrison is the Chief Technology Officer and Chief Architect at Layer 7 Technologies, where he is leading a team developing the next generation of security infrastructure for cloud computing and SOA. An architect and developer of highly scalable, enterprise systems for over 20 years, Scott has extensive experience across industry sectors as diverse as health, travel and transportation, and financial services. He has been a Director of Architecture and Technology at Infowave Software, a leading maker of wireless security and acceleration software for mobile devices, and was a senior architect at IBM. Before shifting to the private sector, Scott was with the world-renowned medical research program of the University of British Columbia, studying neurodegenerative disorders using medical imaging technology.

Scott is a dynamic, entertaining and highly sought-after speaker. His quotes appear regularly in the media, from the New York Times, to the Huffington Post and the Register. Scott has published over 50 book chapters, magazine articles, and papers in medical, physics, and engineering journals. His work has been acknowledged in the New England Journal of Medicine, and he has published in journals as diverse as the IEEE Transactions on Nuclear Science, the Journal of Cerebral Blood Flow, and Neurology. He is the co-author of the graduate text Cloud Computing, Principles, Systems and Applications published by Springer, and is on the editorial board of Springer’s new Journal of Cloud Computing Advances, Systems and Applications (JoCCASA). He co-authored both Java Web Services Unleashed and Professional JMS. Scott is an editor of the WS-I Basic Security Profile (BSP), and is co-author of the original WS-Federation specification. He is a recent co-author of the Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing, and an author of that organization’s Top Threats to Cloud Computing research. Scott was recently a featured speaker for the Privacy Commission of Canada’s public consultation into the privacy implications of cloud computing. He has even lent his expertise to the film and television industry, consulting on a number of features including the X-Files. Scott’s current interests are in cloud computing, Web services security, enterprise architecture and secure mobile computing—and of course, his wife and two great kids.

Security Journal on Ulitzer
So you’ve bought into the idea of service-orientation. Congratulations.
You’ve begun to create services throughout your internal corporate network.
Some of these run on .NET servers; others are Java services; still others are
Ruby-on-Rails—in fact, one day you woke up and discovered you even have a
mainframe service to manage. But the question you face now is this: how can
all of these services be made available to consumers on the Internet? And
more important, how can you do it securely?
Most organizations buffer their contact with the outside world using a DMZ.
Externally facing systems, such as web servers, live in the DMZ. They mediate
access to internal resources, implementing—well, hopefully implementing—a
restrictive security model. The DMZ exists to create a security air gap
between protocols. The idea is that any system deployed ... (more)

Practically on the anniversary of Anne Thomas Manes’ now-famous SOA-is-Dead
pronouncement, David Linthicum suggests we convene the vigil for design-time
service governance. Dave maintains that cloud technology is going to kill
this canonical aspect of governance because runtime service governance simply
provides much more immediate value. Needless to say, rather than a somber
occasion, Dave’s started more of a donnybrook. I guess it’s about time to
get off of the bench and join in the fun.
The incendiary nature of is-dead statements often conceals the subtle but
important ideas b... (more)

The Cloud Security Alliance (CSA) needs your help to better understand the
risk associated with cloud threats. Earlier this year, the CSA convened a
working group with the mandate to identify the top threats in the cloud. This
group brought together a diverse set of security and cloud experts, including
myself representing Layer 7. Our group identified 7 major threats that exist
in the cloud, but now we would like to gauge how the community as a whole
perceives the risk these threats pose.
I would like to invite you to participate in a short survey so we can get
your input. This... (more)

Today marks the beginning of the RSA Conference in San Francisco, and the Cloud
Security Alliance (CSA) has been quick out of the gate with the release of
its Top Threats to Cloud Computing Report. This peer-reviewed paper
characterizes the top seven threats to cloud computing, offering examples and
remediation steps.
The seven threats identified by the CSA are:
Abuse and Nefarious Use of Cloud Computing
Insecure Application Programming Interfaces
Malicious Insider... (more)

Christian Perry has an article in Processor Magazine that I contributed some
quotes to. The article is about the ongoing debate about the merits of public
and private clouds in the enterprise.
One of the assertions that VMware made at last week’s VMworld conference is
that secure hybrid clouds are the future for enterprise IT.
This is a sentiment I agree with. But I also see the private part of the
hybrid cloud as an excellent stepping stone to public clouds.
Most future enterprise cloud apps will reside in the hybrid cloud; however,
there will always be some applications, such as... (more)